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Time Limit : 3 hours Total Marks : 90 

This is a closed book exam. Please write your answers legibly in the space provided on the 
examination paper. Many of the questions are subjective with no perfectly correct answer: the 
key is to be coherent and on topic, and to bring up the essential issues. Use point form whenever 
you can. If you need more space, use the back of the page, but you should note that the space 
provided corresponds approximately to the length of answer desired. Rough work can be done 
in the answer booklets. You have approximately 2 minutes per mark, so budget your time 
appropriately. Good luck. 

Part I - Multiple Choice and True/False Questions 
[6 marks, each question -1 mark] 

There is one best answer to each of the following questions. 

1. One kind of system attack is based on “social engineering”. An example of such an 

attack is to_: 

a. find a hole in the firewall through port scanning 

b. flood the system with requests 

c. monitor traffic in and out of the system to discover passwords or confidential 
information 

d. get a legal user of the system to tell you their password 

2. In the event of a security incident, the first goal should be to_ 

a. monitor the intruder's attack 

b. catch the intruder in his next attempt 

c. inform the public about the attack 

d. regain control and minimize damage 

3. Of these factors, which is the most important in causing poor-quality software? __ 

a. software manufacturers are under extreme pressure to reduce the cost for the project 

b. there is a shortage of programmers worldwide 

c. software manufacturers are under extreme pressure to reduce the time-to-market of 
their products 

d. unstable hardware 
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4. A denial-of-service attack requires a break-in at the target computer before it can cause 
any real harm to the target site. 

True or False?__ 

5. Trade secret law does not prevent someone from reverse engineering the end product to 
figure out the trade secret behind it. 

True or False?_ 

6. If an author produces the work while in the employment of another, it is the employer 
who is considered to be the author. 

True or False?_ 


Part II - Short Answers [14 marks, each question - 2 marks] 

The questions in this part of the exam have very short answers, normally a phrase or two. Keep 
your answers short and to the point. For example 

0. What is the difference between utilitarian and deontological approaches to ethics? 
Answer: utilitarian : an action is ethical depending upon its consequences; 
deontological : an action is intrinsically ethical or not.” 


7. What is the difference between positive (claim) rights and negative rights (freedoms). 


8. What do the neo-Luddites mean when they say technology creates artificial needs? 


9. What is the difference between licensing and certification of software professionals? 


10. Using a simple example explain the difference between rule utilitarianism and act 
utilitarianism. 
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11. What is the fair use doctrine? 


12. What does “CIA” stand for in a computer security context? 


13. What is transactional data? Why is it a problem for privacy? 


Part III - Discussion Questions [40 marks, each question - 5 marks] 

The answers to questions in this part of the examination require about a paragraph or so 
of explanation. Usually there are several points to be made. You may use point form or 
a list of bulleted items to make your answer clear. 

14. Suppose an employee of a U.S.-based e-trading system (such as Yahool’s auction 
system or e-Bay, for example) visits France and gets arrested because the site allows 
trading materials that are illegal in France. 

— Would such an arrest be more or less justified than the U.S. government's arrest of 
Dimitry Sklyarov? Explain. 
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15. Explain how public key encryption can be used to allow digital signatures. Be explicit. 


16. What are the major causes of computer system failure? 


17. Argue in favour of one (and only one) of the following propositions: software should be 
patented, software should be copyrighted, software should be open source. 
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18. It has been said that “the internet is the best guarantee of free speech ever.” What 
aspects of the internet could the speaker have been referring to and why might they lead 
to a better guarantee of free speech than was available before the internet? 


19. Peer to peer computing is seen as a threat to the recording industry. Why? Indicate 
ways in which the recording industry could fight this threat. 


20. A big worry among some people is that computers are leading to a massive de-skilling 
of the population. Argue against this proposition, drawing on historical parallels 
wherever possible. 
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21. Assume you work for an information technology company developing highly original 
commercial software. You create a firewall around the computer systems inside your 
company. Are your security concerns now solved? If so, explain how the firewall will 
protect you. If not, explain why not. 


Part IV - Case Study [30 marks] 

22. Suppose that you have been hired by a government-owned automobile and life insurance 
company as a consultant to evaluate the ethical, social, and security implications of a 
proposed new information system being developed by the insurance company. It is 
proposed that this new information system: 

• keep track of all information about customers in a database; 

• use data mining to find patterns in this information to compute each customer’s 
risk profile in order to determine his or her insurance rate; 

• access government medical databases to get more information to compute these 
profiles more accurately; 

• allow direct access to database and risk profiles by personnel at insurance 
agencies across the province so that they can interact with customers who are 
purchasing insurance policies; 

• allow web access to the database by customers to check upon the state of their 
policies and the accuracy of the information being kept about them in the 
database. 

For this question you are to write an executive summary of the report you would prepare 
for the insurance company. Drawing on the broad range of issues discussed in this 
course, you should point out the main social, ethical, and security problems you have 
about the system, why they are problems, and possible recommendations to rectify the 
problems. You might draw upon the formal approach to ethical decision making 
discussed at the end of the course in order to identify the stakeholders involved, risks 
and issues of importance, and approaches to overcoming these risks and resolving these 
issues. 

The executive summary should be 

• 1.5 to 2 pages long; 

• raise only the most important problems (no more than 5 or 6); 

• give a synopsis of why each of them is a problem; 

• give 1 or 2 main recommendations for dealing with each problem. 
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22. (continued) 
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22. (continued) 
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Project Group Evaluation 

Evaluate the contribution of everyone in your project group, including yourself. State 
contributions as percentages, and base the evaluations on both the extent of participation (time 
and effort) and on the quality of participation (knowledge, technical skills, writing skills, etc.). 
The numbers should add up to 100%: for example, person A contributed 35%, B 20%, and C 
45%. These evaluations (from all the members of your group) will be taken into account in 
assigning final project marks to each person. Additional comments will also be considered and 
appreciated. These evaluations and comments will be kept completely confidential. 

Your Name:_ Your Group Number:_ 


Member Name 

Percent Contribution 

1. YOU 


2. 


3. 



Additional comments about your group or specific group members: 


THE END - Good luck on the rest of your exams! 
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